Biometrics for public sector applications



Similar documents
Conformance test specification for BSI-TR Biometrics for public sector applications

Biometrics for public sector applications

Biometrics for Public Sector Applications

Best Practice Fingerprint Enrolment Standards European Visa Information System

Modular biometric architecture with secunet biomiddle

Published International Standards Developed by ISO/IEC JTC 1/SC 37 - Biometrics

Best Solutions for Biometrics and eid

Product Testing Programs

BIOMETRICS STANDARDS AND FACE IMAGE FORMAT FOR DATA INTERCHANGE - A REVIEW

Description of Biometric Data Interchange Format Standards

Preventing fraud in epassports and eids

COMMON CERTIFICATE POLICY FOR THE EXTENDED ACCESS CONTROL INFRASTRUCTURE FOR PASSPORTS AND TRAVEL DOCUMENTS ISSUED BY EU MEMBER STATES

PRIME IDENTITY MANAGEMENT CORE

MOBILE IDENTIFICATION:

Fingerprint Scanners Comparative Analysis Based on International Biometric Standards Compliance

Spanish Certification Body. Challenges on Biometric Vulnerability Analysis on Fingerprint Devices. New. Technical Manager September 2008

Biometric Performance Testing Methodology Standards. Michael Thieme, Vice President IBG, A Novetta Solutions Company

Department of Homeland Security

Spoof Detection and the Common Criteria

Statewatch Briefing ID Cards in the EU: Current state of play

Standards for Identity & Authentication. Catherine J. Tilton 17 September 2014

Advanced Security Mechanisms for Machine Readable Travel Documents and eidas Token

Embedded and mobile fingerprint. technology. FingerCell EDK

Discover Germany s Electronic Passport

End-to-end security with advanced biometrics technology

End-to-end security with advanced biometrics technology

Full page passport/document reader Regula model 70X4M

Facts about the new identity card

BIOMETRICAL IDENTITY MULTI-MODAL SOLUTIONS

Border control using biometrics in Japan. September 2008 NEC Corporation/Daon

European Electronic Identity Practices Country Update of Portugal

FIVE-MINUTES-TO-CONTRACT The DESKO over-all concept for digital contract management and ID verification.

Implementation of biometrics, issues to be solved

Understanding The Face Image Format Standards

eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke

SWGFAST. Defining Level Three Detail

Biometrics for payments. The use of biometrics in banking

Case Studies. National Identity Management Commission (NIMC), Nigeria eid Consulting for national ID system

Establishing and Managing the Schengen Masterlist of CSCAs

Electronic machine-readable travel documents (emrtds) The importance of digital certificates

Technical Study on Smart Borders Cost Analysis. Final Report

Landscape of eid in Europe in 2013

Keywords: fingerprints, attendance, enrollment, authentication, identification

BIOMETRICAL IDENTITY MULTI-MODAL SOLUTIONS

May For other information please contact:

Procedure for obtaining Biometric Device Certification (Authentication)

SECURE IDENTITY MANAGEMENT. Globally recognised identity management expertise

Code of Practice on Electronic Invoicing in the EU

ID Security Made in Germany Holistic Solutions for Biometric Systems and Identity Documents

Development of Attendance Management System using Biometrics.

FAQs Electronic residence permit

Doc. Machine. authority

MegaMatcher Case Study

Bangladesh Voter Registration Duplicate Search System Implemented by the Bangladesh Army and Dohatec Based on MegaMatcher Technology

ISO/IEC for secure mobile web applications

Identity Verification Program Guide

Identity - Privacy - Security

Security by Politics - Why it will never work. Lukas Grunwald DN-Systems GmbH Germany DefCon 15 Las Vegas USA

Information about the European Union is available on the Internet. It can be accessed through the Europa server (

ID Document Scanning and Biometric Solutions

Test plan for eid and esign compliant terminal software with EACv2

TECHNICAL SPECIFICATION

Machine Readable Travel Documents

Moving to the third generation of electronic passports

October 2014 Issue No: 2.0. Good Practice Guide No. 44 Authentication and Credentials for use with HMG Online Services

POSITION PAPER. The Application of Biometrics at Airports PUBLISHED BY ACI WORLD HEADQUARTERS GENEVA SWITZERLAND

De-duplication The Complexity in the Unique ID context

FAQs - New German ID Card. General

OFFICIAL SECURITY CHARACTERISTIC MOBILE DEVICE MANAGEMENT

Details for the structure and content of the ETR for Site Certification. Version 1.0

Opinion and recommendations on challenges raised by biometric developments

MACHINE READABLE TRAVEL DOCUMENTS

Common Criteria Protection Profile for Inspection Systems (IS) BSI-CC-PP Version 1.01 (15 th April 2010)

Guidelines concerning Fingerprint Transmission

Security Target for PalmSecure

Best Practices in Testing and Reporting Performance of Biometric Devices. Version 2.01

Smart grid cyber security certification

Technical Guideline eid-server. Part 2: Security Framework

Privacy by Design The case of Automated Border Control. Authors: Pagona Tsormpatzoudi, Diana Dimitrova, Jessica Schroers and Els Kindt

Biometrics and Cyber Security

This method looks at the patterns found on a fingertip. Patterns are made by the lines on the tip of the finger.

Technical Guidelines RFID as Templates for the PIA- Framework

ETSI TS : Electronic Signatures and Infrastructures (ESI): Policy

Company Overview. Iraq: Activities & Experience

Self Testing and Product Qualification Processes

Business Operations. Module Db. Capita s Combined Offer for Business & Enforcement Operations delivers many overarching benefits for TfL:

Automated Regional Justice Information System (ARJIS) Acceptable Use Policy for Facial Recognition

Keep Out of My Passport: Access Control Mechanisms in E-passports

Fingerprint Based Biometric Attendance System

Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government

Transcription:

Technical Guideline TR-03121-1 Biometrics for public sector applications Part 1: Framework Version 3.0

Bundesamt für Sicherheit in der Informationstechnik Postfach 20 03 63, 53133 Bonn, Germany Email: TRBiometrics@bsi.bund.de Internet: https://www.bsi.bund.de Bundesamt für Sicherheit in der Informationstechnik 2013

Index of contents Index of contents 1 Introduction...4 1.1 Motivation and Objectives of Technical Guideline Biometrics...4 1.2 Fundamentals of this Guideline...4 1.3 Target Audience and User...5 1.4 Terminology...5 2 Structure of TR Biometrics...6 3 How to use this Technical Guideline...7 4 Application Profiles...9 5 Function Modules...10 5.1 Organisation of the Function Modules...10 5.2 Function Module classes...10 6 List of abbreviations...13 7 Bibliography...16 List of tables Table 5-1: Function module classes...11 List of figures Figure 3-1: Overview of the Technical Guidelines...7 Bundesamt für Sicherheit in der Informationstechnik 3

Inhaltsverzeichnis 1 Introduction 1.1 Motivation and Objectives of Technical Guideline Biometrics Biometric methods are used in many different areas of applications. The solutions and systems available on the market are able to serve a broad range regarding performance, security, usability and standard conformance. For public sector applications, it is necessary to define precise requirements and general conditions. Furthermore, the systems have to be defined in a way which allows for extension in future developments. The objective of this Technical Guideline (TR Biometrics) is to offer a basis for a consistent and comparable quality of public sector applications and for building a common architecture. This guideline has the following objectives: Specification of standardised quality requirements for various kinds of biometric applications, definition of standardised security requirements, support for procurement processes of the public sector, establishment of guidelines across applications (specification of requirements from enrolment to verification or identification), design of a simple and well-structured software architecture with defined interfaces to avoid proprietary systems and to establish investment security, flexibility and interoperability, establishment of a certification scheme for conformance testing, integration into the international context by adoption of established standards. 1.2 Fundamentals of this Guideline The fundamental concepts of this guideline are: Modularity The complete guideline is built from several single guideline modules. For a single application area only the respective modules have to be taken into account. This is done in order to avoid side effects between different kinds of applications which would occur due to changes of special functions. Clarity The concept of this guideline follows a well structured framework. With this framework it is easily understandable which kind of guideline modules are valid for the respective application scenario. Expandability Modularity is the key component of expandability in the scope of this guideline. This is valid regarding new applications as well as new functional units. 4 Bundesamt für Sicherheit in der Informationstechnik

Introduction Standard conformance The Technical Guideline takes national and international standards and guidelines into account and deploys them for governmental applications. Conformance and certification The guideline modules are designed in such a way that requirements and conditions for single functional units are clearly separated from each other. Products for single functional units are clearly defined regarding the interfaces and the range of their functionality so that they can be tested for conformance with this guideline and certified. Ability to reference The use of functional units allows to specify precise requirements for products that are used in according application scenarios. Therefore, this guideline can be used as a reference e.g. for tenders. Market orientation The definition of functional units is related to the products that can be found on the market. Requirements of the guideline can be unambiguously assigned to the respective systems and components. It should be noted that the content of this guideline is limited to the aspects of biometrics. Interfaces to further technologies (e.g. connection of optical or electronic document readers) are out of scope of this document. 1.3 Target Audience and User Audience for this guideline are institutions that are dealing with projects using biometrics in public sector applications. These include: Agencies that are issuing identity documents or visas, e.g. passport agencies of the local authorities or missions abroad of the Federal Foreign Office. Public Authorities using biometric applications for identity verification of people, e.g. the German Federal Police (Polizeien des Bundes) or the Police of the Federal States (Polizeien der Länder), the German Customs Administration (Bundeszollverwaltung) or the Federal Administrative Office (Bundesverwaltungsamt). Beside these users, this guideline also addresses vendors of biometric systems as well as integrators and application developers. 1.4 Terminology The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL in this technical guideline are to be interpreted as described in [RFC2119]. Bundesamt für Sicherheit in der Informationstechnik 5

Inhaltsverzeichnis 2 Structure of TR Biometrics The TR Biometrics consists of the following several parts: Part 1: Framework (TR-03121-1) TR-03121-1 is the framework document of the guideline. It explains the concept and the relation between the different parts. Part 2: Software Architecture (TR-03121-2) In the second part of this guideline at first the Software Architecture based on the BioAPI standard (ISO/IEC 19784-1) is defined. Part 3: Application Profiles and Function Modules (TR-03121-3) In the third part, the different Applications Profiles with corresponding Function Modules are defined. These contain the detailed technical requirements for each of the components. For practical purposes, this part is split up in different volumes to serve different user groups. Additionally, the technical guideline BSI-TR 03122 Conformance Test Specification for Technical Guideline TR-03121 Biometrics for Public Sector Applications describes the requirements that are essential to declare conformance or to declare the absence of conformance. It consists of the following parts: Part 1: Framework (TR-03122-1) Part 2: Software Architecture BioAPI Conformance Testing (TR-03122-2) Part 3: Test Cases for Function Modules (TR-03122-3). 6 Bundesamt für Sicherheit in der Informationstechnik

3 How to use this Technical Guideline How to use this Technical Guideline This chapter gives a short overview how to read and apply this guideline step by step. Figure 3-1: Overview of the Technical Guidelines 1. The user chooses the desired Application Profile. With the help of the Application Profile the user can get a deeper insight into the application, the required software architecture components and the described functionality. TR-03121-2 offers further information about the software architecture component model. 2. Based on the Application Profile, the mandatory Function Modules are identified. One profile can link to several Function Modules due to different kinds of underlying biometric characteristics or the fact that different technologies (e.g. scanners or digital cameras for the digitisation of a photo) are used. Function Modules are referenced by an explicit identifier, e.g. P-FP-GID. The first part identifies the Function Module (e.g. Process), the second part represents the biometric characteristic (e.g. fingerprint), and the last part denotes a further descriptor, typically the scope (e.g. German Identity Document). Function Modules for different biometric characteristics are divided by a comma while a choice between different technologies is denoted by a slash (e.g. AH-FP-FTR, AH-PH-FBS/AH-PH- DC). Bundesamt für Sicherheit in der Informationstechnik 7

Inhaltsverzeichnis 3. On the basis of the identifier the according Function Module can be examined. Every Function Module provides detailed technical requirements and recommendations. 8 Bundesamt für Sicherheit in der Informationstechnik

Application Profiles 4 Application Profiles Different areas in which this guideline can be used are defined in separate Application Profiles. Application Profiles can have mandatory status, e.g. through published regulations and laws or by requirements given in tenders. Besides, such Application Profiles can also be considered as Best Practices. An Application Profile is described with the following items: Introduction (legal requirements) Process overview Target audience Users Technology suppliers Software Architecture Overview Relevant standards and conditions List of mandatory Function Modules Bundesamt für Sicherheit in der Informationstechnik 9

Inhaltsverzeichnis 5 Function Modules 5.1 Organisation of the Function Modules Specific technical requirements are structured in Function Modules. They contain detailed technical requirements for the respective component. Function Modules are aligned to the products on the market and to the targets of evaluation. Every Function Module is built of one or more sub-clauses which are assigned to unique identifiers. Within the sub-clauses requirements and recommendations are specified in detail. 5.2 Function Module classes Table 5-1 gives an overview of the different Function Module classes. Function Module class Process Acquisition Hardware Acquisition Software Biometric Image Processing Quality Assurance Compression Description The module Process describes the modality of how the different Function Modules have to be called and combined in order to achieve the objective of the Application Profile. Any deviant call of modules is specified with additional information. Devices that are used for digitising physical representable biometric characteristics are called acquisition hardware. Scanners for capturing photographs, digital cameras to capture facial images, fingerprint sensors, or signature tablets can be named as examples. Acquisition Software encapsulates all functionality regarding image processing except for biometric purposes. Therefore, this module usually contains device driver software for the Acquisition Hardware or in general software that is very close to the physical hardware. Furthermore, colour management and image enhancement mechanisms are often part of this software layer. The module Biometric Image Processing provides the extraction of all relevant biometric information from the data, which is provided by the Acquisition Hardware or the Acquisition Software layer. Thus, a proprietary data block is transformed to a digital image of a biometric characteristic. In general, specific image processing for biometrics is addressed here e.g. provision of full frontal images or segmentation of fingerprints. This module contains all kinds of mechanisms and procedures to check the quality of the biometric data or to select the best quality data out of multiple instances. Quality assurance is typically used in evaluation of an application's performance over time.. The objective of the module Compression is to keep the biometric data below a 10 Bundesamt für Sicherheit in der Informationstechnik

Function Modules feasible size without losing too much quality for a biometric verification or identification. Operation Within the module Operation, the working process is specified for the respective operator. User Interface The User Interface modules give requirements on visualization and user interaction. This encloses, among other things, functionality, quality assurance information, and veto messages. Reference Storage Biometric Comparison Logging Coding Evaluation The objective of this module is to store biometric data in a way that it can be used for reference purposes later on. The module Biometric Comparison encloses the mechanisms and algorithms to verify or identify an identity based on a one-to-one or one-to-many biometric comparison between reference data and a current biometric sample (usually a live presented image) no matter where the reference is stored. The module Logging contains requirements how and in which modality data has to be logged. This module contains the procedures to code logging data as well as biometric data in defined formats. Interoperability is provided by means of standard compliant coding. Methods and interfaces which are used in the scope of evaluation are the content of this module. Table 5-1: Function module classes Bundesamt für Sicherheit in der Informationstechnik 11

List of abbreviations 6 6 List of abbreviations Abbreviation Description ACQ AD AFIS AH ANSI AP APP AS BEA BioAPI BioSFPI BioSPI BIP BMS Acquisition Acquisition Device Automated Fingerprint Identification System Acquisition Hardware American National Standards Institute Application Profile Application Acquisition Software Biometric Evaluation Authority Biometric Application Programming Interface Biometric Sensor Function Provider Interface BioAPI Service Provider Interface Biometric Image Processing Biometric Matching System BMP Windows Bitmap version 3 BSI BFP BSFP BSP CMP COD Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Information Security) Biometric Function Provider Biometric Sensor Function Provider Biometric Service Provider Biometric Comparison Coding Bundesamt für Sicherheit in der Informationstechnik 13

6 List of abbreviations COM CRM CTS DC DET eid epass EU EVA FAR FBS FM FMR FNMR FP FRR FTR GID ICAO ID JPG Compression Cross-matching Conformance test suite Digital camera Detection error trade-off Electronic identity document Electronic passport European Union Evaluation False accept rate Flat bed scanner Function Module False match rate False non-match rate Fingerprint False reject rate Frustrated total reflection German Identity Document International Civil Aviation Organization Identity JPEG JP2 JPEG 2000 LOG MF Logging Multi finger 14 Bundesamt für Sicherheit in der Informationstechnik

List of abbreviations 6 NCA NIST O P PG PH PT QA REF SB SDK SF TC TR UI VAPP VBIC VEIC VIC VID VIS WSQ WSQR National Central Authority National Institute of Standards and Technology Operation Process Photo Guideline ("Fotomustertafel ) Photo Photo Template ("Lichtbildschablone ) Quality Assurance Reference Storage Software based Software Development Kit Single finger Test Case Technische Richtlinie (Technical Guideline) User Interface Visa Application Visa Basic Identity Check Visa Extended Identity Check Visa Identity Check Verification Identity Document Visa Information System Wavelet Scalar Quantisation Wavelet Scalar Quantisation for reference storage Bundesamt für Sicherheit in der Informationstechnik 15

7 Bibliography 7 Bibliography [ANSI_NIST] [CBEFF] [EAC] ANSI/NIST-ITL 1-2000, American National Standard for Information Systems Data Format for the Interchange of Fingerprint, Facial, & Scar Mark & Tattoo (SMT) Information, availble at: http://www.itl.nist.gov/ansiasd/sp500-245-a16.pdf ISO/IEC 19785-1:2006 "Information technology - Common Biometric Exchange Formats Framework - Part 1: Data element specification" Technical Guideline BSI TR-03110: Advanced Security Mechanisms for Machine Readable Travel Documents, Version 2.10, 2012 [EBTS/F] FBI Electronic Biometric Transmission Specification Version 8, Appendix F, September 2007. [EC_767_2008] [EC_296_2008] [EC_2252/2004] [EC_648_2006] Regulation (EC) No. 767 2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) Regulation (EC) No 296/2008 of the European Parliament and of the Council of 11 March 2008 amending Regulation (EC) No 562/2006 establishing a Community Code on the rules governing the movement of persons across borders (Schengen Borders Code), as regards the implementing powers conferred on the Commission Regulation (EC) No 2252/2004 of the European Parliament and of the Council of 13 December 2004 on standards for security features and biometrics in passports and travel documents issued by Member States. Commission Decision of 22 September 2006 laying down the technical specifications on the standards for biometric features related to the development of the Visa Information System [ICAO_06] ICAO Document 9303, Machine Readable Travel Documents, Part 1 Machine Readable Passports, 6th edition, 2006 [ICAO_08] [ISO_19784-1] [ISO_19784-4] ICAO Document 9303, Machine Readable Travel Documents, Part 3 Size 1 and Size 2 Machine Readable Official Travel Documents, 3rd edition, 2008 ISO/IEC 19784-1:2006 Information technology Biometric application programming interface Part 1: BioAPI specification ISO/IEC 19784-4:2011: Information technology Biometric application programming interface Part 4: Biometric sensor function provider interface 16 Bundesamt für Sicherheit in der Informationstechnik

Bibliography 7 [ISO_FACE] [ISO_FINGER] [ISO_10918-1] [ISO_15444] [ISO_19785-3] [ISO_24709-1] [ISO_24709-2] [NBIS] [NFIS] [PhotoGuide] [RFC2119] [Template] [VIS-ANSI_NIST] ISO/IEC 19794-5:2005 Information technology - Biometric data interchange formats - Part 5: Face image data ISO/IEC 19794-4:2005 Information technology - Biometric data interchange formats - Part 4: Finger image data ISO/IEC 10918-1:1994: Information technology Digital compression and coding of continuous-tone still images: Requirements and guidelines ISO/IEC 15444-1:2004 Information technology - JPEG 2000 image coding system: Core coding system ISO/IEC 19785-3:2007 Information technology Common Biometric Exchange Formats Framework Part 3: Patron format specification ISO/IEC 24709-1: 2007 Information technology Conformance testing for the biometric application programming interface (BioAPI) Part 1: Methods and procedures ISO/IEC 24709-2: 2007 Information technology Conformance testing for the biometric application programming interface (BioAPI) Part 2: Test assertions for biometric service providers http://fingerprint.nist.gov/nbis/index.html http://fingerprint.nist.gov/nfis/index.html Photo guideline ("Fotomustertafel") RFC 2119: Key words for use in RFCs to Indicate Requirement Levels. Photo template ("Lichtbildschablone") VIS-ANSI/NIST, European Commission Directorate-General Justice, Freedom and Security Visa Information System NIST Description, Version 1.23, 2009 Bundesamt für Sicherheit in der Informationstechnik 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information